Jump to content

DI Exposed


DiExposed
 Share

Recommended Posts

Brian admitted he was storing passwords because of an exploit in the recovery system. He advised everyone to use different passwords aswell. If you need your password back you could just ask.

Edited by Twix
Link to comment
Share on other sites

It's common knowledge really that with IPB2 you can easily find people's login information. This problem was fixed in IPB3. Sure there's ways to go around that, but you'd need access to the database and the salts which make it more complicated.

 

It just goes to show to use different passwords for different sites. Not really a difficult concept to grasp to be honest.

Edited by Killerred005

j0xPu5R.png

Link to comment
Share on other sites

So you exposed what exactly? That password & attempted logins were being stored...not exactly a thing that needs "exposing" really :unsure:

Edited by WeeMan1311

A2xdnTr.png

X2LvGU2.png

Link to comment
Share on other sites

So you exposed what exactly? That password & attempted logins were being stored...not exactly a thing that needs "exposing" really :unsure:

Login information always has to be stored in the database - but this shows that DI was deliberately storing them in plain text in a way that could make them easily retrieved.

polvCwJ.gif
"It's not a rest for me, it's a rest for the weights." - Dom Mazzetti

Link to comment
Share on other sites

Lol I made an account in those forums just for the New Year's hack lulz. Can't remember the user and pass now though. :\

Edited by kuru72

kuru72siggy3.png

 

Retired on: June 30, 2010

Link to comment
Share on other sites

So you exposed what exactly? That password & attempted logins were being stored...not exactly a thing that needs "exposing" really :unsure:

 

Passwords are stored in databases but they're encrypted.. meaning that no one, including people who have access to the database, can crack your password. They exploited code to mess around with that.

 

Kinda disappointed here. Luckily I use a different password for everything, but damn, I can't help but think how many accounts were hacked this way. Really uncool.

Edited by Deltaer

[2010] Proud Member of Downfall

[2004-2005] Former Leader of The Unbreakables, Former Member of Corruption, Former Member of 'The' Clan

(...and Anarchy for a few weeks... shhh...)

Link to comment
Share on other sites

This is what passwords look like in a database in their encrypted form:

 

passwords.png

 

It is possible to unencrypt them, that is, make them legible - but it's difficult.

polvCwJ.gif
"It's not a rest for me, it's a rest for the weights." - Dom Mazzetti

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.